Apache with mod_proxy as a reverse proxy

So mod_proxy

This module implements a proxy/gateway for Apache. It implements proxying capability for AJP13 (Apache JServe Protocol version 1.3), FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. The module can be configured to connect to other proxy modules for these and other protocols.

This post also can be named as “How to setup a proxy passer(ProxyPass, ProxyPassReverse) in Apache2” because today we are going to look at is how to setup mod_proxy as a reserve proxy in your linux environment. You might be wondering what’s the difference between a forward proxy server and a reverse proxy server? the answer is here. There could be many situation where you want to set up a reserver proxy, couple of them are mentioned below.

Front an application server as tomcat or JBoss with Apache
Application running on a different port other than 80 or 443(we usually only expose 80 or 443 to the public)
Mask the underlying server/Stop direct access to the underlying server

If you are more info on why Apache should be used in front of JBoss/Glassfish/Tomcat? Check this link out. Below image depicts what we are going to do today.

Reserve proxy example, Image courtesy : stackoverflow.com

Configuring Apache

1st you have to install Apache on the ubuntu instance using below command.

sudo apt-get update
sudo apt-get install apache2

Now enable the proxy modules which are required,

proxy – The main proxy module for Apache that manages connections and redirects them.
proxy_http – This module implements the proxy features for HTTP and HTTPS protocols.

To enable the command would be,

sudo a2enmod proxy proxy_http

Now let’s create a virtual host now. If you don’t know about virtual hosts time to read this post. Moving on let me explain the directives.

VirtualHost *:80 – Virtual hosts will be listening on the default port 80(could 443 if you are using https)
ServerName – Server name
ServerAlias – Alternate names
ErrorLog – File contains any errors that it encounters in processing requests
CustomLog – All requests processed by the server. Access log file
ProxyPreserveHost – will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.

<VirtualHost *:80>
    ServerName dasunhegoda.com
    ServerAlias www.dasunhegoda.com
    ProxyPreserveHost On

    # ProxyPass / http://[IP Addr.]:[port]/
    # ProxyPassReverse / http://[IP Addr.]:[port]/

    ProxyPass / http://192.168.1.10:8080/
    ProxyPassReverse / http://192.168.1.10:8080/

    ErrorLog "/var/logs/apache2/dasun_error_log"
    CustomLog "/var/logs/apache2/dasun_access_log" 

</VirtualHost>

Now enable to the vhost using below command.

sudo a2ensite vhost_name

Now restart the apache web server.

sudo service apache2 restart

Proxing should be working for you now. What above will do is, http://192.168.1.10:8080 application will be exposed via port 80. when you type dasunhegoda.com on the browser it will show the application which is running on http://192.168.1.10:8080. but the browser will never know that it’s the application running on port 8080.

Tips & Tricks

Let’s assume that you are accessing backend server via https if so you have to add SSLProxyEngine on in your virtual host as shown below.

<VirtualHost *:80>
    ServerName dasunhegoda.com
    ServerAlias www.dasunhegoda.com
    ProxyPreserveHost On
    SSLProxyEngine on

    # ProxyPass / https://IP:port/
    # ProxyPassReverse / https://IP:port/

    ProxyPass / https://192.168.1.10:8080/
    ProxyPassReverse / https://192.168.1.10:8080/

    ErrorLog "/var/logs/apache2/dasun_error_log"
    CustomLog "/var/logs/apache2/dasun_access_log" 

</VirtualHost>

That’s it. Piece of cake right? Also note that all directives that comes with mod_proxy are explained here. If you have any questions let me know in the comments below. Your feedback is highly appreciated(happy-face).